Seven key changes public bodies must consider about the GDPR

Harry Leech

Data Protection Commissioner Helen Dixon

Public bodies, including government departments, semi-states and quangos, are subject to data protection laws in the same way that other organisations are, broadly speaking.

This is something which many public organisations are struggling with, according to the Office of the Data Protection Commissioner. 

Commenting at the publication of the 2016 report by her office earlier this week, Data Protection Commissioner Helen Dixon was certain that many state bodies have a long way to go in order to be compliant.

“State bodies need to comprehend that the obligations in law, and the requirement to be accountable for their processing of personal data, rest with them and they cannot simply legislate to transfer their obligations to the independent regulator,” she said. 

These responsibilities are going to be magnified significantly under the General Data Protection Regulation (GDPR) when it comes into effect in May 2018.

Here are 7 key areas for public bodies to consider about the GDPR. 

1. Under the GDPR, more data held by state bodies will be subject to data protection laws.

2. Information provided to data subjects will need to be easily accessible, concise, transparent, intelligible and easy to understand and written in clear and plain language – this may be a particular challenge for government departments. 

3. The new rules about 'transparency' mean that more information will need to be provided to data subjects if it is requested.

4. It's not just about doing it, it is about being seen to do it – proving you are compliant is necessary if requested.

5. All public bodies will have to put in place appropriate processes to detect, report and investigate breaches in personal data that are compliant with the GDPR.

6. Under the new regulations, genetic and biometric data will need to be protected to the same level that sensitive data such as address & bank account details are.

7. This is far from a comprehensive list, and ignorance of the law is no excuse. Educate yourself and your staff about the GDPR and the responsibilities you and your organisations have towards the data of EU citizens. 

The DataSec 2017 conference takes place on 3rd of May in the RDS in Dublin.

The event will provide expert speakers, information and insight to help your business comply with GDPR and get the most out of the new legislation.